it management & governance diagnostic program02it.ca › wp-content › uploads › 2016 › 08...

IT Management & Governance Diagnostic Program

Prepared for Sample IT Company

This report was prepared by Info-Tech Research Group for Sample IT Company on 2016-05-20. Data is comprised of 6 responses.

TEST DOCUMENT

1. Survey IT leaders to assess IT department strengths and weaknesses• Your IT leadership team will complete a short survey which will identify current state of IT Management &

Governance processes focusing on:

◦ Effectiveness◦ Importance◦ Ownership

2. Review report and establish clear ownership for critical IT functions• With Info-Tech, review your results report to understand your team’s perception of each process’ importance and

effectiveness• Identify where the gaps exist between your team's process scores to see where there is a difference in opinion• Discuss which processes, if improved, would have the greatest impact on your department and organization• Build a plan to ensure clear accountability and to engage a broader team with process accountability• Ensure key IT Leaders are not overwhelmed with accountability

3. Book & Conduct A Team Alignment Exercise• Gather your team and discuss the discrepancies for the processes with the greatest gaps in scores.• Bring the entire team onto the same page re: which processes are most important and least effective.• Establish process owners for the IT processes. Each relevant process must have at least one person accountable for

monitoring and improvement initiatives.• Info-Tech offers a workshop to help you to complete step 3 & 4 in 5-days at your site.

4. Create A Roadmap Of Key Processes To Improve• Once your team has reached a consensus on which processes to focus on, create a process improvement roadmap

outlining which processes your team will focus on over the next 12 months.• Determine responsibilities and timelines, as well as regular checkpoints with your team to monitor progress.

IT Management & Governance Diagnostic Program Sample IT Company # of Responses 6

TEST DOCUMENT2

STRATEGY &GOVERNANCE

EDM01

IT Governance

APO02

IT Strategy

MEA01

PerformanceMeasurement

EDM02

Business Value

APO06

Cost & BudgetManagement

APO10

VendorManagement

FINANCIALMANAGEMENT

APO01

IT Management &Policies

APO04

Innovation

APO08

EDM05

StakeholderRelations

BAI08

KnowledgeManagement

EDM04

CostOptimization

PEOPLE &RESOURCES

APO07

Human ResourcesManagement

ITRG01

IT OrganizationalDesign

ITRG02

Leadership, Culture& Values

ITRG03

Manage ServiceCatalog

SERVICE PLANNING &ARCHITECTURE

APO03

EnterpriseArchitecture

APO09

ServiceManagement

APO11

QualityManagement

INFRASTRUCTURE& OPERATIONS

BAI04

Availability &CapacityManagement

BAI09

AssetManagement

DSS01

OperationsManagement

BAI06

ChangeManagement

BAI10

Con1gurationManagement

DSS02

Service Desk

SECURITY& RISK

DSS05

SecurityManagement

APO12

EDM03

Risk Management

BAI07

ReleaseManagement

DSS03

Incident & ProblemManagement

APO13

Security Strategy

DSS06

MEA02

Business ProcessControls & Internal Audit

MEA03

ExternalCompliance

DSS04

BusinessContinuity

DSS04

Disaster RecoveryPlanning

APPLICATIONS

ITRG04

Application PortfolioManagement

BAI03

Enterprise ApplicationSelection &Implementation

BAI03

ApplicationDevelopmentThroughput

BAI07

ApplicationDevelopment Quality

ITRG05

ApplicationMaintenance

BAI05

OrganizationalChange Management

PPM & PROJECTS

DATA & BI

ITRG06

Business Intelligence& Reporting

ITRG07

Data Architecture

ITRG08

Data Quality

APO05

PortfolioManagement

BAI01

ProjectManagement

BAI02

RequirementsGathering

This diagnostic program was developed using the Info-Tech World Class Operations framework which is made up of IT processes

that map to the COBIT standard based on the numbers in the top right corner. This page is a snapshot of the IT process

landscape within your IT department. The processes have been colour coded based on your team’s importance and effectiveness

scores for each IT process. Use this page to help you prioritize your IT process improvement initiatives.

ImproveProcess

Immediately

HighImportanceand LowEffectiveness

EvaluateProcess

LowImportanceand LowEffectiveness

MaintainProcess

LowImportanceand HighEffectiveness

LeverageProcess

HighImportanceand HighEffectiveness

IT Management & Governance FrameworkA comprehensive and connected set of research tohelp you optimize and improve your core IT processes

High Level Process Landscape (Importance: Effectiveness) Sample IT Company # of Responses 6

TEST DOCUMENT3

NoImportance

1.0 - 6.0

LimitedImportance

6.1 - 7.4

SigniKcantImportance

7.5 - 8.0

CriticalImportance

8.1 - 10

These are all of your IT processes ranked based on their perceivedimportance, from the most important to the least important. Use this data tounderstand which processes your team believes are crucial to them and tothe organization.

CriticalImportance IT Strategy 9.8 Service Desk 9.3 Security

Management 9.3 Incident &Problem

Management9.3 Business

Continuity 9.2

Data Quality 9.2 ProjectManagement 9.2 Cost

Optimization 9.2 KnowledgeManagement 9.2 Disaster

RecoveryPlanning

9.2

IT Governance 9 Cost & BudgetManagement 9 IT

OrganizationalDesign

9 QualityManagement 9 Business

Intelligence &Reporting

8.8

ServiceManagement 8.8 Data

Architecture 8.8 RiskManagement 8.8 Availability &

CapacityManagement

8.7 PerformanceMeasurement 8.7

Innovation 8.7 PortfolioManagement 8.7 External

Compliance 8.5 SecurityStrategy 8.5 IT

Management &Policies

8.5

StakeholderRelations 8.5 Change

Management 8.5 Leadership,Culture &

Values8.3 Enterprise

Architecture 8.3 OperationsManagement 8.3

EnterpriseApplicationSelection &

Implementation8.3 Organizational

ChangeManagement

8.3 ReleaseManagement 8.2

SigniFcantImportance Business

Value 8 HumanResources

Management8 Asset

Management 8 Con1gurationManagement 8 Business

ProcessControls &

Internal Audit7.8

ApplicationPortfolio

Management7.8 Requirements

Gathering 7.8 ApplicationMaintenance 7.8 Application

DevelopmentThroughput

7.7

LimitedImportance Manage

ServiceCatalog

7.3 VendorManagement 7.2

No Importance ApplicationDevelopment

Quality5.3

Red 2.5 - 9 SigniFcant Gap in Alignment

2.7 Application Development Quality Yellow 1.1 - 2.4 Gap in Alignment

2.3 Application Portfolio Management 2.1 External Compliance 2.1 Enterprise Architecture 2.0 Business Process Controls & Internal Audit 1.6 Business Value 1.6 Application Development Throughput 1.6 Vendor Management

1.5Enterprise Application Selection &

Implementation 1.5 Release Management Green 0 - 1 Minimal Gap in Alignment

Top 10 Areas ofDisagreement

Process Importance Sample IT Company # of Responses 6

TEST DOCUMENT4

Not inPlace

N/A

NotEffective

0.0 - 4.9

SomewhatIneffective

5.0 - 6.9

SomewhatEffective

7.0 - 7.9

VeryEffective

8.0 - 10.0

This page shows all your IT processes in order of their perceivedeffectiveness, from least effective to most effective. Use this data tounderstand which processes your team believes are currently performingwell and which processes are currently struggling or broken.

Not InPlace

Not Effective ApplicationDevelopment

Quality4.3

SomewhatIneffective Application

PortfolioManagement

5 ManageServiceCatalog

5.2 ReleaseManagement 5.3 Change

Management 5.7 BusinessProcess

Controls &Internal Audit

5.7

OrganizationalChange

Management5.8 Application

DevelopmentThroughput

6 HumanResources

Management6 Service Desk 6.2 Asset

Management 6.2

ExternalCompliance 6.2 Business Value 6.2 Vendor

Management 6.3 RequirementsGathering 6.3 Business


6.3

ApplicationMaintenance 6.3 Operations

Management 6.5 CostOptimization 6.5 Con1guration

Management 6.7 SecurityStrategy 6.7

EnterpriseApplicationSelection &

Implementation6.7 IT

OrganizationalDesign

6.8 QualityManagement 6.8 Risk

Management 6.8 Data Quality 6.8

Availability &Capacity

Management6.8 Disaster

RecoveryPlanning

6.8

SomewhatEffective IT Governance 7 Service

Management 7 IT Management& Policies 7 Enterprise

Architecture 7 SecurityManagement 7

StakeholderRelations 7 Leadership,

Culture &Values

7 BusinessContinuity 7 Cost & Budget

Management 7.2 DataArchitecture 7.2

PortfolioManagement 7.2 Innovation 7.3 Project

Management 7.3 KnowledgeManagement 7.5 Performance

Measurement 7.7

IT Strategy 7.7 Incident &Problem

Management7.8

Very Effective

Red 2.5 - 9 SigniFcant Gap in Alignment

2.9 Data Quality 2.6 Application Portfolio Management 2.5 Service Desk Yellow 1.1 - 2.4 Gap in Alignment

2.5 Application Development Quality 2.3 Manage Service Catalog 2.3 IT Organizational Design 2.2 Operations Management 2.1 Cost Optimization 2.1 Change Management 2.1 External Compliance Green 0 - 1 Minimal Gap in Alignment

Top 10 Areas ofDisagreement

Process Effectiveness Sample IT Company # of Responses 6

TEST DOCUMENT5

Use this grid to prioritize your team’s process improvement initiatives. The top processes in each quadrant have been listed in this grid. Please use the following page as reference for any quadrants withadditional processes. Focus your time and energy on the processes in the top left quadrant Frst, which received high importance scores but low effectiveness scores.

Improve Process Immediately Leverage Process

Evaluate Process Maintain Process

Service Desk

Disaster Recovery Planning

Data Quality

Cost Optimization

IT Strategy

Incident & ProblemManagement

Security Management

Knowledge Management

Application PortfolioManagement Business Value

ConFguration Management

Human ResourcesManagement

Asset Management

Manage Service Catalog

Vendor Management

Application DevelopmentQuality

Strategy &Governance

FinancialManagement

People &Resources

Service Planning &Architecture

Infrastructure &Operations

Security & Risk Applications

Data & BI PPM & Projects

Additional processesreported in this quadrant

Process Prioritization Sample IT Company # of Responses 6

TEST DOCUMENT6

This page outlines the current process accountabilities for each IT process. These individuals have indicated that they are accountable for all of the processesthat sit next to their names. Pay particular attention to processes who have more than one individual accountable, as well as processes that have nobody heldaccountable for them. Determine whether the current accountability distribution makes sense, and which processes need more or less attention.

Name If a person has been identiKed as accountable for three processes or more, a warning sign will show up. Being accountable for too many processes can result in insufKcient attention being paid to each individual process.

Missing Accountability

Hank Moore

Innovation IT Governance IT Management& Policies IT Strategy Performance

Measurement StakeholderRelations Business


DataArchitecture Data Quality Enterprise

Architecture EnterpriseApplicationSelection &

Implementation Organizational

ChangeManagement Project

Management RequirementsGathering

ApplicationMaintenance Availability &

CapacityManagement Change

Management ConBgurationManagement Operations

Management ReleaseManagement Service

Management BusinessContinuity Disaster

RecoveryPlanning External

Compliance RiskManagement Asset

Management Cost & BudgetManagement Portfolio

Management Vendor

Management HumanResources

Management Leadership,Culture &

Values ITOrganizational

Design Business Value CostOptimization Knowledge

Management Quality

Management Manage ServiceCatalog Service Desk Incident &

ProblemManagement Security

Strategy SecurityManagement Business Process

Controls & InternalAudit

ApplicationPortfolio

Management ApplicationDevelopmentThroughput Application

DevelopmentQuality

David Martin

PerformanceMeasurement Stakeholder

Relations BusinessIntelligence &

Reporting DataArchitecture Data Quality Application

Maintenance ChangeManagement

OperationsManagement Release

Management ServiceManagement Business

Continuity ExternalCompliance Risk

Management AssetManagement

Leadership,Culture &

Values ITOrganizational

Design QualityManagement Manage Service

Catalog Service Desk Incident &Problem

Management SecurityStrategy

SecurityManagement Business Process

Controls & InternalAudit

Process Accountability Sample IT Company # of Responses 6

TEST DOCUMENT8

Accountable Only : I am the owner of this process and I am accountable for the results & outcomes. I have assigned someone else primary responsibility for execution and day to day activities. Accountable & Responsible : I am the owner ofthis process and I am accountable for the results & outcomes. I am primarily responsibility for execution and day to day activities of this process. Responsible : I am responsible for the execution and oversight of the activities involved with thisprocess. I manage the process maturity and I’m responsible to report on results from this process. Consulted & Involved : I am actively involved with this process and consulted on decisions. Involved & Informed : I am actively involved with thisprocess and told about decisions surrounding this process. Not involved : I am not actively involved in this process or the decisions surrounding this process.

AccountableOnly

Accountable &Responsible

ResponsibleOnly

Involved:Consulted

Involved:Informed

Not InvolvedAccountability ConLict

Accountability ConLict &Responsibility ConLict Responsibility ConLict

Peter Green

Availability &Capacity

Management BusinessContinuity Business Process

Controls & InternalAudit Change

Management ConBgurationManagement Disaster

RecoveryPlanning Enterprise

Architecture IT Governance IT

OrganizationalDesign IT Strategy Incident &

ProblemManagement Innovation Manage Service

Catalog QualityManagement

ReleaseManagement Risk

Management SecurityManagement Security

Strategy ServiceManagement Vendor

Management ApplicationDevelopmentThroughput

ApplicationMaintenance Asset

Management ExternalCompliance IT Management

& Policies KnowledgeManagement Leadership,

Culture &Values Organizational

ChangeManagement

RequirementsGathering Stakeholder

Relations ApplicationPortfolio

Management Business Value Cost & BudgetManagement Cost

Optimization EnterpriseApplicationSelection &

Implementation

HumanResources

Management OperationsManagement Portfolio

Management ProjectManagement Service Desk Performance

Measurement ApplicationDevelopment

Quality Business

Intelligence &Reporting Data

Architecture Data Quality

Team Process Involvement Sample IT Company # of Responses 6

TEST DOCUMENT10

Accountable Only : I am the owner of this process and I am accountable for the results & outcomes. I have assigned someone else primary responsibility for execution and day to day activities. Accountable & Responsible : I am the owner ofthis process and I am accountable for the results & outcomes. I am primarily responsibility for execution and day to day activities of this process. Responsible : I am responsible for the execution and oversight of the activities involved with thisprocess. I manage the process maturity and I’m responsible to report on results from this process. Consulted & Involved : I am actively involved with this process and consulted on decisions. Involved & Informed : I am actively involved with thisprocess and told about decisions surrounding this process. Not involved : I am not actively involved in this process or the decisions surrounding this process.

AccountableOnly

Accountable &Responsible

ResponsibleOnly

Involved:Consulted

Involved:Informed

Not InvolvedAccountability ConLict

Accountability ConLict &Responsibility ConLict Responsibility ConLict

Karen McCoy

ApplicationMaintenance Project

Management ReleaseManagement Asset

Management ConBgurationManagement Enterprise

ApplicationSelection &

Implementation IT Strategy

Incident &Problem

Management KnowledgeManagement Manage Service

Catalog Service Desk StakeholderRelations Application

PortfolioManagement Change

Management Enterprise

Architecture Innovation Availability &Capacity

Management BusinessContinuity Business Value Cost

Optimization DisasterRecoveryPlanning

IT Governance IT Management& Policies Leadership,

Culture &Values Operations

Management PortfolioManagement Quality

Management RiskManagement

SecurityStrategy Service

Management ApplicationDevelopment

Quality ApplicationDevelopmentThroughput Business

Intelligence &Reporting Business Process

Controls & InternalAudit Cost & Budget

Management Data

Architecture Data Quality ExternalCompliance Human

ResourcesManagement IT

OrganizationalDesign Organizational

ChangeManagement Performance

Measurement Requirements

Gathering SecurityManagement Vendor

Management

Team Process Involvement Sample IT Company # of Responses 6

TEST DOCUMENT11

Who isaccountable?

Have questions or need expert insight into a speciKc IT process? Below each process in the above framework you can contact the name of the individual who isaccountable for the process within your organization.

STRATEGY &GOVERNANCE

EDM01IT Governance

Peter Green

APO02IT Strategy

Peter Green

MEA01PerformanceMeasurement

David Martin

EDM02Business Value

Hank Moore

APO06Cost & BudgetManagement

Hank Moore

APO10Vendor Management

Peter Green

FINANCIALMANAGEMENT

APO01IT Management &

Policies

Hank Moore

APO04Innovation

Peter Green

APO08EDM05Stakeholder

Relations

Karen McCoy

BAI08Knowledge

Management

Karen McCoy

EDM04Cost Optimization

Hank Moore

PEOPLE &RESOURCES

APO07Human Resources

Management

Hank Moore

ITRG01IT Organizational

Design

Peter Green

ITRG02Leadership, Culture &

Values

David Martin

ITRG03Manage Service

Catalog

Peter Green

SERVICE PLANNING &ARCHITECTURE

APO03Enterprise

Architecture

Peter Green

APO09Service Management

Peter Green

APO11Quality Management

Peter Green

INFRASTRUCTURE& OPERATIONS

BAI04Availability & Capacity

Management

Peter Green

BAI09Asset Management

Karen McCoy

DSS01Operations

Management

David Martin

BAI06Change Management

Peter Green

BAI10Con1gurationManagement

Peter Green

DSS02Service Desk

Karen McCoy

SECURITY& RISK

DSS05Security Management

Peter Green

APO12EDM03Risk Management

Peter Green

BAI07Release Management

Peter Green

DSS03Incident & Problem

Management

Peter Green

APO13Security Strategy

Peter Green

DSS06MEA02Business Process Controls

& Internal Audit

Peter Green

MEA03External Compliance

David Martin

DSS04Business Continuity

Peter Green

DSS04Disaster Recovery

Planning

Peter Green

APPLICATIONSITRG04

Application PortfolioManagement

Hank Moore

BAI03Enterprise Application

Selection &ImplementationKaren McCoy

BAI03Application Development

Throughput

Hank Moore

BAI07Application Development

Quality

Hank Moore

ITRG05Application

Maintenance

Karen McCoy

BAI05Organizational Change

Management

Hank Moore

PPM & PROJECTS

DATA & BIITRG06

Business Intelligence &Reporting

David Martin

ITRG07Data Architecture

David Martin

ITRG08Data Quality

David Martin

APO05Portfolio

Management

Hank Moore

BAI01Project Management

Karen McCoy

BAI02Requirements

Gathering

Hank Moore

IT Management & Governance FrameworkA comprehensive and connected set of research tohelp you optimize and improve your core IT processes

TEST DOCUMENT17

The IT leader must focus on improving the processes in the top left quadrant Frst in order to see the biggest impact.

Improve Process Immediately Leverage Process

Evaluate Process Maintain Process

Disaster Recovery Planning

Risk Management

External Compliance

Security Strategy

Security Management

Business Continuity

Business Process Controls &Internal Audit

Strategy &Governance

FinancialManagement

People &Resources

Service Planning &Architecture

Infrastructure &Operations

Security & Risk Applications

Data & BI PPM & Projects

Additional processesreported in this quadrant

Security & Risk: Process Prioritization Sample IT Company # of Responses 6

TEST DOCUMENT36

DSS05

Security

Management

Protect enterprise information as required by the business.Establish and maintain information security roles and accessprivileges, and perform security monitoring to minimize thebusiness impact of operational information securityvulnerabilities and incidents.

4th Most Important Process (out of 45)

11th Most Effective Process (out of 45)

Average Importance score 9.3

Average Effectiveness score 7.0

NameEffectiveness

scoresImportance

scoresGap

Hank Moore 9.0 9.0 0.0

David Martin 9.0 10.0 -1.0

Kimberly Wilson 8.0 9.0 -1.0

Tracy Hall 7.0 10.0 -3.0

Karen McCoy 5.0 9.0 -4.0

Peter Green 4.0 9.0 -5.0

DSS04

Disaster RecoveryPlanning

Establish and maintain a plan to enable IT to respond toincidents and disruptions in order to continue operationof required IT services and assets.


23rd Most Effective Process (out of 45)



NameEffectiveness

scoresImportance

scoresGap




Tracy Hall 7.0 10.0 -3.0



DSS04

Business

Continuity

Establish and maintain a plan to enable the business torespond to incidents and disruptions in order to continueoperation of business and IT processes.





NameEffectiveness

scoresImportance

scoresGap



David Martin 8.0 8.0 0.0

Tracy Hall 7.0 10.0 -3.0



Security & Risk: Detailed Responses Sample IT Company # of Responses 6

* GAP = (Effectiveness score - Importance score), indicates the degree to which effectiveness is sufKcient given the importance of each process. Negative scores indicate processes that aren't as effective as they are important.** Respondents are highlighted if they are CIO, or Accountable or Responsible for the process.

37

APO12

EDM03

Risk Management

Continually identify, assess and reduce IT-related riskwithin levels of tolerance set by the business.





NameEffectiveness

scoresImportance

scoresGap



Tracy Hall 8.0 9.0 -1.0




MEA03

External

Compliance

Ensure that IT processes and IT-supported businessprocesses are compliant with laws, regulations andcontractual requirements.





NameEffectiveness

scoresImportance

scoresGap



Tracy Hall 6.0 9.0 -3.0




APO13

Security Strategy

DeFne, operate and monitor a system for informationsecurity management. Keep the impact and occurrenceof information security incidents within the business’ riskappetite levels.





NameEffectiveness

scoresImportance

scoresGap


David Martin 9.0 9.0 0.0


Kimberly Wilson 6.0 6.0 0.0

Tracy Hall 6.0 9.0 -3.0


Security & Risk: Detailed Responses Sample IT Company # of Responses 6

* GAP = (Effectiveness score - Importance score), indicates the degree to which effectiveness is sufKcient given the importance of each process. Negative scores indicate processes that aren't as effective as they are important.** Respondents are highlighted if they are CIO, or Accountable or Responsible for the process.

38

Fill in process name

Sub-process 1

Sub-process 2

Sub-process 3

Sub-process 4

Fill in process owner's Name

Considerations and Diagnostic Questions Considerations and Diagnostic Questions

Steps Goals Metrics for success Timeline



Post-Alignment Worksheet Sample IT Company # of Responses 6

TEST DOCUMENT51

Strategy & GovernanceIT Governance: Provide a consistent approach so that

IT-related decisions are made in line with the business

strategies and objectives. Ensure that IT-related processes

are overseen effectively and transparently, and that legal and

regulatory compliance requirements are met.

IT Strategy: Align strategic IT plans with business

objectives. Clearly communicate the objectives and

associated accountabilities so they are understood by all,

with the IT strategic options identiBed, structured and

integrated with the business plans.

IT Management & Policies: Provide a consistent

approach to enable IT to meet the business governance

requirements, covering management processes,

organisational structures, roles and responsibilities, reliable

and repeatable activities, and skills and competencies.

Performance Measurement: Manage IT and process

goals and metrics. Monitor and communicate that

processes are performing against expectations, and provide

transparency of performance and conformance.

Innovation: Stay up to date with IT trends, identify

innovation opportunities, and plan how to use technology

innovation to create a competitive advantage, enable

business innovation, or achieve improved operational

effectiveness and efBciency.

Stakeholder Relations: Manage the relationship

between the business and IT to ensure that the stakeholders

are satisBed with the services they need from IT and have

visibility into IT processes.

Financial ManagementBusiness Value: Secure optimal value from IT-enabled

initiatives, services and assets by delivering cost-efBcient

solutions and services and by providing a reliable and

accurate picture of costs and beneBts.

Cost & Budget Management: Manage the IT-related

Bnancial activities and prioritize spending through the use of

formal budgeting practices. Provide transparency and

accountability of the cost and business value of IT solutions

and services.

Cost Optimization: Ensure that adequate and sufBcient

IT-related capabilities e.g., people, process and technology,

are available to support business objectives effectively at

optimal cost.

Vendor Management: Manage IT-related services

provided by all suppliers, including the selection of suppliers,

management of relationships, management of contracts,

and reviewing and monitoring of supplier performance.

People & ResourcesHuman Resources Management: Manage

structuring, placement, decision rights and skills of human

resources. This includes communicating the deBned roles

and responsibilities, learning and growth plans, and

performance expectations.

IT Organizational Design: Set up the structure of IT’s

people, processes, and technology as well as roles and

responsibilities to ensure that they’re best meeting the

needs of the business.

Leadership, Culture & Values: Ensure that the IT

department reCects the values of your organization. Improve

the leadership skills of your team to generate top

performance.

Knowledge Management: Maintain the availability of

knowledge to support all process activities and to facilitate

decision making. Provide the knowledge required to support

all IT staff in their work activities.

Service Planning & ArchitectureEnterprise Architecture: Establish a management

practice to create and maintain a coherent set of principles,

methods, and models that are used in the design and

implementation of the enterprise’s business processes,

information systems, and infrastructure.

Service Management: Align IT-enabled services and

service levels with business needs and expectations,

including identiBcation, speciBcation, design, publishing,

agreement, and monitoring of IT services, service levels and

performance indicators.

Quality Management: DeBne and communicate quality

requirements in all processes, procedures and business

outcomes. Ensure the consistent delivery of IT solutions and

services to meet the quality requirements of the business

and satisfy stakeholder needs.

Manage Service Catalog: Produce, maintain, and

promote a service catalog containing accurate information

on all operational IT services, as well as those being

prepared to be run operationally.

Infrastructure & OperationsAvailability & Capacity Management: Balance

current and future needs for availability, performance and

capacity of IT systems and infrastructure through the

forecast of future performance and capacity requirements.

Change Management: Manage all IT system changes

in a controlled manner, including standard changes and

emergency maintenance relating to business processes,

applications and infrastructure. Enable fast and reliable

delivery of change to the business and mitigate the risk of

negatively impacting the stability of the changed

environment.

Asset Management: IT assets through their life cycle

to make sure that they deliver value at optimal cost, remain

operational, are accounted for and physically protected.

Ensure that the assets are reliable and available as needed.

ConEguration Management: Provide sufBcient

information about IT service assets to enable the service to

be effectively managed. DeBne and maintain descriptions

and relationships between key resources and capabilities

required to deliver IT-enabled services.

Release Management: Successfully implement new

IT solutions and services in line with the agreed-on

expectations and outcomes. Ensure that the implementation

of new solutions and services has the necessary support,

from planning to execution to post-implementation support

and staff training.

Operations Management: Manage the activities and

operational procedures required to deliver IT services,

including standard operating procedures and monitoring

activities.

Service Desk: Provide timely and effective response to

user requests and resolution of all types of incidents.

Restore normal service; record and fulBl user requests; and

record, investigate, diagnose, escalate and resolve incidents.

Incident & Problem Management: Identify and

classify problems and their root causes and provide timely

resolution to prevent recurring incidents. Reduce the number

of operational problems.

Process Descriptions Sample IT Company # of Responses 6

TEST DOCUMENT52

Security & RiskSecurity Strategy: DeBne, operate and monitor asystem for information security management. Keep theimpact and occurrence of information security incidentswithin the business’ risk appetite levels.

Security Management: Protect enterprise informationas required by the business. Establish and maintaininformation security roles and access privileges, andperform security monitoring to minimize the businessimpact of operational information security vulnerabilities andincidents.

Business Process Controls & Internal Audit:Manage business process controls such as self-assessments and independent assurance reviews to ensurethat information related to and used by business processesmeets security and integrity requirements.

External Compliance: Ensure that IT processes and IT-supported business processes are compliant with laws,regulations and contractual requirements.

Risk Management: Continually identify, assess andreduce IT-related risk within levels of tolerance set by thebusiness.

Business Continuity: Establish and maintain a plan toenable the business to respond to incidents and disruptionsin order to continue operation of business and IT processes.

Disaster Recovery Planning: Establish and maintaina plan to enable IT to respond to incidents and disruptions inorder to continue operation of required IT services andassets.

ApplicationsApplication Portfolio Management: Manage theorganization’s suite of applications by determining eachapplication’s ability to provide value to the business relativeto its cost. Identify which applications to retire, grow orreplace, repurpose or sustain.

Enterprise Application Selection &Implementation: Manage the selection andimplementation of enterprise applications, off-the-shelfsoftware and Software as a Service, to ensure that ITprovides the business with the most appropriateapplications at an acceptable cost.

Application Development Throughput: Establisha timely and cost-effective system for the development ofapplications capable of supporting the business’ strategicand operational goals.

Application Development Quality: Implementstandard procedures in the application developmentprocess, including testing strategies, testing preparation andtesting execution, to ensure that the quality of theapplications meet business requirements.

Application Maintenance: Manage the constantimprovement and changes to the organization’s applicationsafter they have been originally delivered and implemented.

Data & BIBusiness Intelligence & Reporting: Develop a setof capabilities, including people, processes and technology,to enable the transformation of raw data into meaningfuland useful information for the purpose of business analysis.

Data Architecture: Manage the business’ databases,including the technology, the governance processes and thepeople that manage them. Establish the principles, policies,and guidelines relevant to the effective use of data within theorganization.

Data Quality: Put policies, processes and capabilities inplace to ensure that appropriate targets for data quality areset and achieved to match the needs of the business.

PPM & ProjectsPortfolio Management: Manage the project portfolioof IT programs and services, demand within resource andfunding constraints, while ensuring that the portfolio meetsthe business’ priorities. Monitor the performance of theoverall portfolio of services and programs to ensure that theIT investments meet the business’ expectations.

Project Management: Manage all IT programs andprojects from the portfolio in alignment with the businessstrategy. Initiate, plan, control, and execute programs andprojects to ensure that the business realizes project beneBtswhile experiencing few delays and cost overruns.

Requirements Gathering: Manage the collection ofbusiness requirements as they pertain to acquiring orcreating IT solutions.

Organizational Change Management: Implementor optimize the organization’s capabilities for managing theimpact of new business processes, new IT systems, andchanges in organizational structure or culture.

Process Descriptions Sample IT Company # of Responses 6

TEST DOCUMENT53

it management & governance diagnostic program02it.ca › wp-content › uploads › 2016 › 08...

Documents